<?php
session_start();
if($a == 'logout') {
	list($userid, $password) = $_COOKIE['tbs_user'] ? explode("\t", authcode($_COOKIE['tbs_user'], 'DECODE')) : array('', '');
	$userid = intval($userid);
	setcookie('tbs_user', '', '-1');
	unset($userid, $password, $username, $flag);
	message('成功退出系统！', 'index.php');
}
if($a == 'checklogin') {
	session_start();
	$username = char($_POST['username']);
	$password = md5($_POST['password']);
	$seccode = $_POST['seccode'];
	if($username == '') {
		message('请输入用户名！', '?m=login&a=login');
	} elseif($_POST['password'] == '') {
		message('请输入密码！', '?m=login&a=login');
	}
	$sql = "select id,username,password,flag from ".$tablepre."users where username='$username'";
 	$query = $db->query($sql);
	if(!$db->rows_count($sql)) {
		message('不存在此用户！', '?m=login&a=login');
	}
	$user = $db->fetch_array($query);
	
	if($user["password"] != $password) {
		message('您的密码不正确，请重新输入！', '?m=login&a=login');
	} elseif ($user['username'] && $user['password'] == $password) {
		$username = $user['username'];
		$password = $user['password'];
			
		$flag = $user['flag'];
		$userid = $user['id'];
		setcookie('tbs_user', authcode("$userid\t$password"), time()+$options['timeoffset']*3600+2592000);
		if($flag) {	
			$tourl = 'admin.php?m=index';
		} else {
			$tourl = 'index.php';
		}
		message('登录成功！', $tourl);
   	 }
}
?>